Title page 1

Contents 3

I. Introduction and summary 4

II. The cybersecurity challenge: Adversaries 6

China 6

Russia 6

Iran 6

North Korea 6

Criminal organizations 6

Threat actors exploiting advanced AI capabilities 6

III. Cybersecurity strategic road map: Operational campaigning 8

A. Actions in the United States 8

1. Establishing a coordinating group to integrate campaigning activities headed by the national cyber director 8

2. Creating an ICPC of high-end cybersecurity and cloud providers to undertake continuous defensive campaigning 9

3. Establishing a national lab cohort to provide technical direction to the NCD 10

4. Scaling a national reserve force 10

5. Establishing regional resilience districts 10

6. Expanding USG risk mitigation capabilities to support critical domestic infrastructures 11

B. Actions outside the United States: Respond with offensive actions to state-supported intrusions into US critical infrastructures 13

1/C. Private-sector actions to disrupt criminal activities including dark web sites and to support the government including as a cyber reserve in wartime 14

IV. Conclusion 17

About the authors 17

Appendix: Requirements for scaling resilience through safe coding and zero trust architectures 18

Endnotes 19

Figures 5

Figure 1. National Cybersecurity Governance for Homeland Defense 5

Figure 2. Private Sector Support to National Cybersecurity Governance for Homeland Defense 5

Boxes 11

BOX 1. Regional resilience districts: membership/precedents 11

BOX 2. DOD offers "cybersecurity-as-a-service" programs 12

BOX 3. Cyber Command threat hunting in the United States 13

BOX 4. Private-sector offensive operations: Key factors 16